Search CSRC

Abstract: This bulletin summarizes the information presented in NIST SP 800-90A, Revision 1. The publication specifies mechanisms for the generation of random bits using deterministic methods. The methods provided are based on either hash functions or block cipher algorithms.

Conference: 16th IEEE International Conference on Information Reuse and Integration (IRI 2015) Abstract: Attribute Based Access Control (ABAC) is a popular approach to enterprise-wide access control that provides flexibility suitable for today’s dynamic distributed systems. ABAC controls access to objects by evaluating policy rules against the attributes of entities (subject and object), operations, an...

Conference: 20th International Symposium on Fundamentals of Computation Theory (FCT 2015) Abstract: We study the relationship between two measures of Boolean functions; "algebraic thickness" and "normality". For a function f, the algebraic thickness is a variant of the "sparsity", the number of nonzero coefficients in the unique F_2 polynomial representing f, and the normality is the largest dimen...

Abstract: This standard specifies hash algorithms that can be used to generate digests of messages. The digests are used to detect whether messages have been changed since the digests were generated.

Abstract: This Standard specifies the Secure Hash Algorithm-3 (SHA-3) family of functions on binary data. Each of the SHA-3 functions is based on an instance of the KECCAK algorithm that NIST selected as the winner of the SHA-3 Cryptographic Hash Algorithm Competition. This Standard also specifies the KECCAK-...

Conference: 3rd International Conference on Human Aspects of Information Security, Privacy and Trust Abstract: Organizations establish policies on how employees should generate, maintain, and use passwords to authenticate and gain access to the organization’s information systems. This paper focuses on employees’ attitudes towards organizational password policies and examines the impacts on their work-related...

Conference: 3rd International Conference on Human Aspects of Information Security, Privacy and Trust Abstract: We live in a world where the flow of electronic information and communication has become a ubiquitous part of our everyday life. While our lives are enhanced in many ways, we also experience a myriad of challenges especially to our privacy and security. Survey data shows that the majority of people...

Conference: 3rd International Conference on Human Aspects of Information Security, Privacy and Trust Abstract: Password policies – documents which regulate how users must create, manage, and change their passwords – can have complex and unforeseen consequences on organizational security. Since these policies regulate user behavior, users must be clear as to what is expected of them. Unfortunately, current po...

Conference: 3rd International Conference on Human Aspects of Information Security, Privacy and Trust Abstract: The generation stage of the user password management lifecycle is arguably the most important yet perilous step. Fulfilling minimum length and character type requirements while attempting to create something memorable can become an arduous task, leaving the users frustrated and confused. Our study f...

Conference: 3rd International Conference on Human Aspects of Information Security, Privacy and Trust Abstract: The current work examines subjective password usability across platforms—desktop, smartphone, and tablet—using system-generated passwords that adhere to the stricter password requirements found in higher-security enterprise environments. This research builds upon a series of studies at the United St...

Conference: 3rd International Conference on Human Aspects of Information Security, Privacy and Trust Abstract: Password management is the ubiquitous struggle of the modern human. Despite usability playing a vital role in authentication, many password policies and requirements focus on security without sufficient consideration of human factors. In fact, security and usability needs are often in contention. Un...

Conference: 2015 International Conference on Grid & Cloud Computing and Applications (GCA '15) Abstract: Cloud Data centers are predominantly made up of Virtualized hosts. The networking infrastructure in a cloud (virtualized) data center, therefore, consists of the combination of physical IP network (data center fabric) and the virtual network residing in virtualized hosts. Network Segmentation (Isola...

Abstract: The purpose of this SP is to provide appropriate and useful guidelines for assessing the reliability of issuers of PIV Cards and Derived PIV Credentials. These issuers store personal information and issue credentials based on OMB policies and on the standards published in response to HSPD-12 and the...

In: Advances in Computers (2015) Abstract: Combinatorial testing has rapidly gained favor among software testers in the past decade as improved algorithms have become available and practical success has been demonstrated. This chapter reviews the theory and application of this method, focusing particularly on research since 2010, with a brie...

Conference: International Symposium on Forensic Science Error Management: Detection, Measurement and Mitigation Abstract: Recognized sources of error in digital forensics include systematic errors arising from implementation errors, and random errors resulting from faulty equipment. But as digital forensic techniques expand to include statistical machine learning, another source of error will be statistical errors that...

Abstract: This bulletin summarizes the information presented in NIST SP 800-73-4: Interfaces for Personal Identity Verification and NIST SP 800-78-4: Cryptographic Algorithms and Key Sizes for Personal Identity Verification. SP 800-73-4 has been updated to align with FIPS 201-2. SP 800-78-4 has been updat...

Conference: Lightweight Cryptography Workshop 2015 Abstract: We present PFLASH, an asymmetric digital signature scheme appropriate for smart card use. We present parameters for several security levels in this low resource environment and bootstrap many technical properties (including side-channel resistance) exposed in the evaluation of predecessors of this s...

Journal: IEEE Cloud Computing Abstract: Despite the undisputed advantages of cloud computing, customers-in particular, small and medium enterprises (SMEs)-still need meaningful understanding of the security and risk-management changes that the cloud entails so they can assess whether this new computing paradigm meets their security requir...

In: Encyclopedia of Biometrics (2015) Abstract: Conformance testing is the method that is used to determine if a product, process or system (known as an implementation under test) satisfies the requirements specified in the base standard. The goal of conformance testing is to capture enough of the requirements of the base standard and test them u...

In: Encyclopedia of Biometrics (2015) Abstract: Common Biometric Exchange Formats Framework (CBEFF) provides a standardized set of definitions and procedures that support the interchange of biometric data in standard data structures called CBEFF biometric information records (BIRs). CBEFF permits considerable flexibility regarding BIR structures...

Journal: International Journal of Computer Science: Theory and Application Abstract: We show that the strength of Internet-based network interconnectivity of countries is increasing over time. We then evaluate bounds on the extent to which a group of colluding countries can disrupt this connectivity. We evaluate the degree to which a group of countries can disconnect two other count...

Abstract: This Recommendation specifies mechanisms for the generation of random bits using deterministic methods. The methods provided are based on either hash functions or block cipher algorithms.

Abstract: Conformance testing measures whether an implementation faithfully implements the technical requirements defined in a standard. Conformance testing provides developers, users, and purchasers with increased levels of confidence in product quality and increases the probability of successful interoperab...

Journal: Journal of Cryptology Abstract: In this work, we present several new generic second-preimage attacks on hash functions. Our first attack is based on the herding attack and applies to various Merkle–Damgard-based iterative hash functions. Compared to the previously known long-message second-preimage attacks, our attack offers more...

Abstract: FIPS 201-2 requires explicit user action by the Personal Identity Verification (PIV) cardholder as a condition for use of the digital signature key stored on the card. This document clarifies the requirement for explicit user action to encourage the development of compliant applications and middlewa...